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[0001] This non-provisional application is a continuation-in-part of the provisional 
patent application serial number 60/424,1 12 with inventor Brian Styles entitled 
"EVENT-BASED APPLICATION FOR PERFORMING CONFIGURATION 
CHANGES IN A NETWORKED ENVIRONMENT'" filed November 4, 2002. Further, 
this is a continuation-in-part of the non-provisional patent application serial number 
09/489,759 with inventor Brian Styles entitled "METHOD AND APPARATUS TO 
MANAGE NETWORK CLIENT LOGON SCRIPTS USING A GRAPHICAL 
MANAGEMENT AND ADMINISTRATION TOOL" filed January 21 , 2000. Each of 
the above-referenced applications are hereby incorporated by reference in their 
entireties. 

[0002] This non-provisional application is related to the following two non- 
provisional applications: (1) U.S. Patent Application No. XX/XXX.XXX, entitled 
"PORTABLE COMPUTER DETECTION FOR APPLYING CONFIGURATION 
SETTINGS IN A NETWORKED ENVIRONMENT", filed on even date herewith, and 
(2) U.S. Patent Application No. XX/XXX.XXX, entitled "VALIDATION OF 
CONFIGURATION SETTINGS PRIOR TO APPLICATION WITHIN A NETWORKED 
ENVIRONMENT", filed on even date herewith, which are hereby commonly 
assigned to ScriptLogic Corporation and which are hereby separately incorporated 
by reference in their entirety. 

COPYRIGHT NOTICE 

[0003] All of the material in this patent application is subject to copyright 
protection under the copyright laws of the United States and of other countries. As 
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of the first effective filing date of the present application, this material is protected as 
unpublished material. However, permission to copy this material is hereby granted 
to the extent that the copyright owner has no objection to the facsimile reproduction 
by anyone of the patent documentation or patent disclosure, as it appears in the 
United States Patent and Trademark Office patent file or records, but otherwise 
reserves all copyright rights whatsoever. 

BACKGROUND OF THE INVENTION 

[0004] 1. Field of the Invention 

[0005] The invention disclosed broadly relates to the field of client-server 
computing and/or server centric computing, and more particularly relates to the field 
of desktop administration and network management tools. 

[0006] 2. Description of the Related Art 

[0007] The field of client-server computing continues to grow. Networks such as 
LANs, Intranets, the Internet and the World-Wide Web are based on client-server 
topologies. The growth of client-server computing has lead to an increased demand 
on the administration of networks by administrators. 

[0008] For each client, the administrators must set each shared applications the 
client will have access to, define the desktop layout and security, and other client 
configurations. As an example, one application from Microsoft Corporation called 
Outlook often requires client user configuration guided by an installation wizard. 
However, many computer users may not know what to enter for the wizard or may 
provide incorrect values, so network administrators have historically made use of 
logon scripts to provide a pre-configured environment. 

[0009] The term "logon script" is the set of executables or scripts or batch files 
that a client system runs during logon, which may be locally stored by the client and 
retrieved from a server that defines the resources, security and the configuration for 
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each client. Operating systems 306 such as Microsoft Windows NT4.0/2000/2003 
provide some settings for applications that can be configured automatically during 
the clients' boot-up and login in the client default profile or through system policies. 
However, some of the settings for applications and resources, such as mapping a 
drive letter to a network resource or connecting to a network printer or automatic 
software deployment, which fall between the cracks of what Windows NT allows 
administrators to configure automatically for each client. For these settings, custom 
logon scripts files or custom executables have been used. 

[00010] Logon scripts have been around with products such as Novell Inc.'s 
Netware™ products for years. The Novell products are not the only scripting 
products available, and other scripts are possible in operating system 306 such as 
Windows NT 4.0. Logon scripts are very useful tools in the network environment. 
Logon scripts automatically run during the logon process and can help set up the 
client working environment by copying files, creating connections, and launching 
applications. The logon process can be summarized as the sequence events 
between the time a user enters their authentication information (e.g., userid and 
password) and the time the computer is ready to be used (e.g. the desktop is loaded 
and the user can begin work). 

[0001 1] In fact, it is common today for most corporate networks to use logon 
scripts because they assist with centralized administration. However logon scripts 
are difficult to create, edit and administer. Also, logon scripts in certain 
environments such as Windows NT/2000/2003 can be assigned to a single user or 
multiple users. 

[00012] Although these logon scripts are useful for helping to administer and 
manage networks, they are not without their shortcomings. One shortcoming with 
logon scripts today is that they are written in a special scripting language or DOS 
batch files and must be hand edited and debugged. The requirement to write and 
debug logon scripts across an enterprise network installation is time consuming and 
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expensive. Accordingly, a need exists for a method and apparatus to provide a 
centralized configuration. 

[0001 3] Another shortcoming with currently available solutions is that they are 
cumbersome to manage across several clients. To centrally manage clients, 
network administrators make use of batch files and scripts that are customized to 
each client. The process of managing custom batch files for each user and/or 
computer is tedious. Moreover, the currently available solutions such as logon 
scripting languages, cannot support the complex features of network administration. 
More complex feature such as group memberships, printer deployment, proxy server 
access, MS Office paths, service packs, anti-virus updates, policies and automatic 
Outlook/Exchange mail profile creation are not supported in many logon scripts. The 
administrators of large networks are then forced to make a difficult choice of either 
learning a more complex logon scripting language and attendant debugger or forego 
supporting more complex features centrally in the network administration. 
Accordingly, a need exists for a method and an apparatus to provide the 
administration of a plurality of clients across a network the ability to able to handle 
more complex support features without the need to debug a single line of code. 

[00014] Still another shortcoming with currently available solutions is that there is 
no method to validate if a desired setting is proper for a given user on a given client 
system. Stated differently, certain resources should not be set if a given group, a 
selected operating system and a selected connection method is not met. For 
example, a logon script may request a certain drive letter for the client, say drive 
letter "O" to be mapped to a particular resource, say a CD ROM on a server, 
however this can only happen if the user of the client is a member of a particular 
group. Today, no method exists to verify one or more local run-time environmental 
conditions on a client. The solution employed by Microsoft in its Windows Server 
2000 and 2003 line of products is the use of Group Policy Objects at the server. 
This Group Policy Object solution although useful, is not able to make 
determinations of local run-time environments on the client. Therefore it is not 
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possible to determine such things using group policies as host address, subnets, 
MAC, primary groups, whether terminal services is running, what third party 
applications are running, and whether the client system is a portable or desktop 
hardware configuration. This type of granularity of the client system local run-time 
environment is not available. Accordingly, a need exists for a method to permit 
clients to validate local-run time environments prior to the application of one or more 
desktop settings on a client system. 

[0001 5] Yet still another shortcoming with currently available solutions and 
management applications is the inability to perform updates based on an event or 
activity. For example, it would not be useful to try to connect to a network drive on a 
portable device such as laptop if the network is not available. Warning messages 
that the network is not available often confuses users rather than assist them. 

[0001 6] Still, another shortcoming with currently available solutions and 
management applications is the inability to use wildcards such length invariant 
wildcards such as "*" i.e., the asterisk or position specific wildcards such as i.e., "?" 
the question mark. The use of wildcards enables easier management of a group of 
computers, such as clients, within in a predetermined IP address range. 

SUMMARY OF THE INVENTION 

[0001 7] A system, a computer readable medium and a method in a client-server 
environment, to manage a configuration of resources on client systems. This 
includes receiving one or more predetermined events along with one or more local 
run-time environmental conditions along with one or more user selectable settings. 
The events, the settings and the environmental conditions are previously set 
graphically using a graphical user interface with one or more user selectable 
selections therein on a server. These events, local run-time environmental 
conditions along with settings are delivered to a client system. A monitoring agent 
on the client system is used to detect when one or more predetermined events 
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occur. When an event occurs, a test is made to determine if one or more local run- 
time environmental conditions are met, and if the conditions are met then the agent 
automatically applies one or more selectable configuration settings on the client 
system. 

[0001 8] In another embodiment, a test is made if the client system is a portable 
computer as opposed to a desktop computer. When an event occurs, a test is made 
to determine if one or more local run-time environmental conditions are met, and if 
the conditions are met then the agent automatically applies one or more selectable 
configuration settings on the client system. 

[0001 9] In another embodiment, a test is made if the client system is a portable 
computer as opposed to a desktop computer. When an event occurs, a test is made 
to determine if one or more local run-time environmental conditions are met, , which 
includes the wildcard character, are met, and if the conditions are met then the agent 
automatically applies one or more selectable configuration settings on the client 
system. 

[00020] More specifically, a GUI Manager is used by a network administrator to fill- 
in predefined templates. The administrator does not need to compile, debug or write 
a single line of scripting code. The GUI manager has a "select the box" and "point 
and click" and "fill-in the blank" approach for selecting computer settings. The 
predefined template or templates are used by a program on a client system to 
manage the configuration of resources on at least one client. There are three levels 
of resources that can be managed. The first type of resource is an operating 
system. The second level is a resource for an application. And the third type of 
resource is to redirect a resource on the client to a resource on a network such as a 
drive letter mapping. Resources include configurations from the group of 
configuration settings which consist of drive mappings, shell folders, printer 
deployment, proxy server access, application paths, service packs, anti-virus 
updates, policies and automatic mail profile creation. 
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[00021] In another embodiment validation logic is used on the clients' system 
during the execution of an application program that takes the template and applies 
the defined configuration settings in the template to the clients' system so as to 
automatically configure at least one configuration setting for a user if the 
combination of one or more predefined conditions for a selected group, a selected 
operating system and a selected connection method are met. 

[00022] In still another embodiment, an interpretive engine is used on the client's 
system to permit the administration of client resources with a template while also 
allowing network administrators to build their own custom applications. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[00023] The subject matter which is regarded as the invention is particularly 
pointed out and distinctly claimed in the claims at the conclusion of the specification. 
The foregoing and other objects, features, and advantages of the invention will be 
apparent from the following detailed description taken in conjunction with the 
accompanying drawings. 

[00024] FIG. 1 is a block diagram of a client-server system for carrying out this 
present invention. 

[00025] FIG. 2 is a block diagram of the major electrical components of an 
information processing system, according to the present invention. 

[00026] FIG. 3 is a block diagram illustrating the software hierarchy for the 
information-processing device of FIG. 2, according to the present invention. 

[00027] FIG. 4 is a high-level block diagram of the over all client-server graphical 
tool architecture, according to the present invention. 
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[00028] FIG. 5 is a screen shot of an exemplary GUI Manager for the validation 
logic, according to the present invention. 

[00029] FIG. 6 illustrates a user screen for an example drive settings Drive 
Settings, according to the present invention. 

[00030] FIG. 7 is an example of using Boolean operators (AND, OR, NOT, XOR), 
according to the present invention 

[00031] FIG. 8, is an example GUI of the validation logic of another embodiment 
with a 4-part validation logic scheme type, Class, Os, Connection and wildcard 
matching, according to the present invention. 

[00032] FIG. 9 is exemplary source code for carrying out the wildcard logic, 
according to the present invention. 

[00033] FIG. 1 0 is an exemplary flow of the detection of a portable computer, 
which may be accomplished in a variety of ways, according to the present invention. 

[00034] FIG. 11 is an example of source code used for implementing laptop 
detection of FIG. 10, in an embodiment of the present invention. 

DETAILED DESCRIPTION OF AN EMBODIMENT 

Glossary of Terms Used in this Disclosure 

[00035] Many terms are defined in the attachments hereto and incorporated by 
reference in their entirety entitled "SCRIPTLOGIC GETTING STARTED GUIDE" and 
"SCRIPTLOGIC ADMINISTRATOR'S GUIDE", which are both available online from 
scriptlogic.com. Any conflict in terms that may exist between the appendix and this 
specification, the specification takes precedence. 
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[00036] agent / program - a program that gathers information or performs some 
other service without immediate presence and on some regular schedule. Typically, 
an agent program, using parameters you have provided, searches all or some part 
of the Internet, gathers information you're interested in, and presents it to you on a 
daily or other periodic basis. 

[00037] configuration setting - a setting in an information processing system such 
as a PC during a boot-up and logon process. The configuration settings can be 
broken down into three categories. The first category is for setting an operating 
system that can include configuration settings for an operating system such as a 4- 
digit year, type of wallpaper, type of screen saver, 24-hour clock. The second 
category is for setting for one or more application such as mapping a default drive 
for a word processor's document files, the path of the backup files and the default 
open and save path for a word processor. The third category is for the mapping of a 
resource on a client to a resource on a network, such as a drive, CD ROM drive, 
tape drive or printer. 

[00038] connection method - the method by which a client system is 
communicating to a server system. For example, is the client system physically 
wired to a network (e.g. LAN, RAS, VPN) or is the system dialing in over a 
telecommunications line or broadcast transmission (e.g. dial-up Networking). 

[00039] group - a collection of users of user accounts. Groups are typically 
created to simplify the task of managing and defining rights for a large number of 
users. A user can belong to more than one group. For example, a user might 
belong to the manager group, the advisory group and the golf group. Another 
example is a sales team, human resources department where group definitions or 
memberships typically follow departments, workgroups and physical locations. 

[00040] information processing system - a system capable of processing data and 
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[00041] information and integrated with processes such as office automation and 
data communication. An information processing system can be embodied in a 
variety of hardware such as a PC, or microprocessor-based system. 

[00042] interpreter or interpretive engine - a computer program that can interpret 
and execute statements in a source program without the performing intermediate 
steps of compiling the source program into machine language. 

[00043] interpretive program language - the source programming language used 
by an interpretative engine. 

[00044] local client run-time environment - one or more operating environment 
variables which are determined at client run-time, including but not limited to an 
operating system which is running, a MAC address, user name, workstation name, 
TCIP/IP address, host address, site, domain, connection method, whether the client 
system is a portable device or desktop device and any other setting not typically 
determined until the client system has started. 

[00045] operating system - software that controls the execution of programs and 
that may provide services such as resource allocation, scheduling, input/output 
control, and data management and administration. Although an operating system is 
predominately software, partial hardware implementations are possible. 

[00046] PC Card / PCMCIA - PC (previously known as a PCMCIA card) is a credit 
card-size memory or I/O device that fits into a personal computer, usually a 
notebook or laptop computer. Probably the most common use of a PC Card is the 
telecommunications modem for notebook computers. 

[00047] portable system - a hardware device, such as a laptop, palm top, PDA or 
smartphone, which is designed to run on portable power supply such as a battery 
and is typically moveable with a user having its own keyboard and other input device 
and its own display. As contrasted with a desktop system where the power supply is 
connected to an electrical outlet and the display and keyboard are typically separate. 
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[00048] template -a structure for holding one or more settings to configure the 
runtime environment of a client information processing system which are 
independent of the operating system 306 running on the client computer. 

[00049] user - a person requiring the services of an information processing 
system. 

[00050] validation - the processes of testing one or more entries in a template 
against predefined boundary points, criteria or files. 

[00051] wildcard - is a character in an entry that can stand for zero or more 
contiguous characters. The most commonly used wildcard characters are the 
asterisk (*), which typically represents zero or more characters in a string of 
characters, and the question mark (?), which typically represents any one character. 

One Embodiment of a Network System For Running the Graphical Tool 

[00052] FIG. 1 is a block diagram of a client-server system 1 00 for carrying out this 
present invention. A server information processing system 102 such as a PC server 
such as those available from IBM and Compaq or a server from Sun Microsystems 
or equivalent. The server 102 has an interface 104 for reading programming 
information from a computer readable medium 106 such as a floppy diskette, CD 
ROM, DVD ROM, Flash Memory or other removable computer readable medium. 
The server 102 is linked to a plurality of client information processing systems 104, 
such as a PC via a network 116 through gateway 1 14 and router 1 12. 

[00053] In addition, one or more of the clients 1 08, may have an interface 1 1 0 for 
reading programming information from a computer readable medium 112 such as a 
floppy diskette, CD ROM, DVD ROM, Flash Memory or other removable computer 
readable medium. 

[00054] Referring to FIG. 2, there is shown a block diagram of the major electrical 
components of an information processing system 200 in accordance with this 
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invention. The electrical components include: a central processing unit (CPU) 208, 
an Input/Output (I/O) Controller 210, a system power and clock source 212; display 
driver 214; RAM 202; ROM 204; ASIC (application specific integrated circuit) 206 
and a hard disk drive 218. These are representative components of a computer. 
The operation of a computer comprising these elements is well understood. 
Network interface 216 provides connection to a computer network such as Ethernet, 
TCP/IP or other popular protocol network interfaces. Optional components for 
interfacing to external peripherals include: a Small Computer Systems Interface 
(SCSI) port 224 for attaching peripherals; a PCMCIA slot 222; and serial port 220. 
An optional diskette drive 226 is shown for loading or saving code to removable 
diskettes 228 or equivalent computer readable media. It is important to note that the 
system 200 can be implemented as any or all of the two information-processing 
components of FIG. 1, the client 108, the server 102. 

[00055] The system 200 may be implemented by a combination of hardware and 
software. Moreover, the functionality required for using the invention may be 
embodied in computer-readable media (such as 3.5 inch diskette 228 or 106 or 1 12) 
to be used in programming an information-processing apparatus (e.g., a personal 
computer) to perform in accordance with the invention. Computer program means, 
or computer program, in the present context, means any expression, in any 
language, code or notation, of a set of instructions intended to cause a system 
having an information processing capability to perform a particular function either 
directly or after either or both of the following: a) conversion to another language, 
code or notation; b) reproduction in a different material form. 

[00056] FIG. 3 is a block diagram illustrating the software hierarchy for the 
information processing system of FIG. 2 according to the present invention. The 
hardware 200 is the information processing system of FIG. 2. BIOS (Basic Input 
Output System) 302 is a set of low level of computer hardware instructions, usually 
stored in ROM 206, for communications between an operating system 306, device 
driver(s) 304 and hardware 200. Device drivers 304 are hardware specific code 
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used to communicate between an operating system 306 and hardware peripherals 
such as a mouse, CD ROM drive or printer. Applications 308 are software 
application written in C/C++, Java, assembler or equivalent. Operating system 306 
is the master program that loads after BIOS 302 initializes, that controls and runs the 
hardware 200. Examples of operating systems includes DOS, Palm OS, Pocket PC, 
Windows 3.1 / 95 / 98 / Me / Millennium / NT / 2000 / XP, Linux, Unix, Macintosh, 
OS/2 and equivalent. In one embodiment, the graphical scripting tool is an 
application 308 that resides on the Server 102 and communicates with client 108 
over the network 116. In another embodiment, the graphical scripting tool is an 
application 308 that runs on the client 108 that may be downloaded from the Server 
102 such as a Java Application or loaded via computer readable medium 228 on the 
client 108. In yet another embodiment, the graphical scripting tool is a hybrid 
application 308 that exists both on the Server 102 and on the client 108. The 
graphical scripting tool operates in a stand-alone manner and communicates with 
the server 102 for submission of the intellectual property application. 

[00057] The present invention can be realized in hardware, software, or a 
combination of hardware and software. The graphical scripting tool according to the 
present invention can be realized in a centralized fashion in one computer, or in a 
distributed fashion where different elements are spread across interconnected 
computer systems. Any kind of computer system - other apparatus adapted for 
carrying out the method described herein is suited. A typical combination of 
hardware and software could be a general-purpose computer system such that it 
carries out the methods described herein. The present invention can also be 
embedded in a computer program product, which comprises all the features 
enabling the implementation of the methods described herein, and which - when 
loaded in a computer system - is able to carry out these methods. 
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One Embodiment of a Graphical Tool Over-All Architecture 



[00058] The present invention separates the validations of a local run-time 
environmental condition such as operating system type and the application of 
configuration settings on the client. This separation of validating of the local-run- 
time environmental conditions of a client with the application of settings permits very 
fine granularity of client configuration settings. Moreover, the validation logic is 
applicable to any configuration setting configurable at client run-time such as 
security policies, drive mappings, startup applications, registry settings, printer 
assignments, folder redirections, Internet Settings, desktop shortcuts, proxy 
configurations, application paths, Microsoft Office Paths, application settings, 
Microsoft Outlook/Exchange mail profiles, profiles, service packs, anti-virus updates, 
and other policies. The overall process of the Graphical Tool can be broken down 
into several discrete components some of which are optional (i) a server based 
graphical manager, (ii) (Optional) an authentication module, (iii) an agent / program 
running on the client; (iv) (optional) event monitor and (v) validation logic; and (vi) 
application settings. Shown in FIG. 4 is a high-level block diagram 400 of the over 
all client-server graphical tool architecture according to the present invention. The 
application 308 running on the server presents a GUI Manager 402. The GUI 
Manager 402 is used by a network administrator to configure settings and entries in 
templates 404. Besides storing the entries selected by the administrator, the 
template may also contain validation criteria (not shown) that tests to see if the entry 
is within a predetermined range. This validation criterion is used as a local run-time 
environmental condition as described further below. In one embodiment, the 
application 308 on the client 108 contains two components: an engine 408 and a 
program 406 that reads the settings in the templates 404 programs. In one 
embodiment, the program includes an engine (not shown). The engine in this 
embodiment is a commercially available interpretative engine. The KiXtart™ has 
been shown to be operate well but other engines or compiled languages can also 
used. Optionally, the program 406 may be encrypted by compiler so as to prevent 
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unauthorized access or tampering by anyone using the tool or trying to change the 
logon settings of a client 108. 

[00059] The GUI Manager 402 is the server side process 420, which is an intuitive 
GUI-based tool that provides the ability to centrally configure and save the 
configuration settings for the script component. The GUI Manager 402 stores 
configuration settings to a single file. Examples of the GUI Manger 402 are shown in 
the Appendix entitled ScriptLogic Administrator's Guide. 

[00060] The client-side process 430 includes an optional authentication module. 
Typically a client computer 108 is powered-on, the BIOS points to an operating 
system to load and the user is presented a logon with a user name, and password 
and optional domain. Once the user authenticates to the network and/or computer, 
the operating system finishes loading and the user is presented a desktop (in 
Microsoft), the finder (in Mac), Window Manager (in Unix) or operating system shell 
in general. 

[00061] Continuing further, an optional event monitor 41 0 is shown which triggers 
the agent/program 408 to begin the validation of the local runtime environment of the 
client 108. As will be further described below, an event is any processing system 
event such as startup, shutdown, logon, error message, application launch such as 
virus scan, period of user inactivity, a network connection or dis-connection, a 
hardware message, and/or other system events. The program uses validation logic 
412 to determine if one or more of the conditions set in the templates 404 are met in 
the local runtime environment of the client 108. If one or more of the settings are 
met as required by the templates 404, the desktop and/or administrative settings 
from the template to the client are applied 414. 

One Embodiment of Graphical Validation Logic Settings 

[00062] FIG. 5 is a screen shot of an exemplary GUI Manager 402 for the 
validation logic. The logic is broken down into connection method 502 (e.g., LAN 
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and Dial-up), operating system 504 (e.g. Windows 95, 98, Me, NT, 2000, XP, 2003) 
and Class of Machine 504 (e.g. Desktop, Notebook or Portable, Tablet PC, Terminal 
Services Client, Member Server, Domain Controller) and the selected using of the 
GUI Manager 402 is checked. In the case that the particular selection does not 
meet a value 510 in one of these conditions 507 in the type 508 including but not 
limited Domain, Site, Organization Unit Computer (See Microsoft Corporation Group 
Policy Object), Organization Unit User, Group Membership, Primary Group, User 
Name, TCP/IP address, Host Address, Computer Name, MAC Address, Terminal 
Services (TS) Application Name, TS Initial Program, TS Client Name, TS Session 
Name, TS Client TCP/IP Address then the selection or setting is skipped. For 
example the template may request a certain drive letter for the client 108, say drive 
letter "O" to be mapped a particular resource, say a CD ROM on a server 102, 
however this can only happen if the user of the client 1 08 is a member of a particular 
group. 

Exemplary Drive Settings Example Usino Validation Logic 

[00063] FIG. 6 illustrates a user screen for an example drive settings Drive 
Settings 600. A pull down of possible drive letters 602 is selectable to share. The 
shared folder 604 is shown. In an optional embodiment, validation logic test to see if 
certain user selections are within predefined bounds. For example window 614 
shows a window of the possible types with an address "10.1 50.". Check box 610 
allows certain types of operating environment. In addition, the selection of 
Connection types of LAN or RAS (Remote Access Service) 612 is also shown. 

[00064] Logical drive "H" 622 would only be mapped if the following conditions 
were met: the computer that the user is logging, onto has a TCP/IP address 
beginning with "10.150." and has "Windows 98" operating system installed and is 
directly connect to a LAN i.e., not connected using a dial-up connection. Likewise 
the same validation logic could be applied to Registry Setting and/or Application 
Setting such as Microsoft Office. 
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[00065] Also shown is the concept of using validation for drive settings 600 across 
other types of setting such as Microsoft Office Settings 624 and Registry Settings 
622. This is important because the validation logic screen in FIG. 5 becomes 
available for use with different types of settings. 

[00066] It is important to note that although the flow diagrams have depicted this 
graphical scripting tool to be used during logon and boot-up of the client system, it 
will be obvious to those of average skill in the art, that the occurrence of the scripting 
for configuration of one or more resources on a client 108 can occur at times other 
than boot-up and power-on. 

Boolean Validation Logic Embodiment 

[00067] FIG. 7 is an example of using Boolean operators (AND, OR, NOT, XOR) 
and conditionals (great than, less than, equal, parenthetical, IF-THEN-ELSE) with 
multiple types 508 of FIG. 5. In this embodiment, the validation logic is greatly 
expanded because combinations as defined by Boolean operators permit more 
complex testing. In addition, the validation logic with a hierarchical structure where 
the validation logic is nested in a tree of interrelated validation logic is available. The 
validation logic permits any level of granularity of types along with Boolean 
operators, where the types are understood to be any entry, typically determined at 
run-time on a client which validation uses to validate against. 

[00068] Using the graphic tool of FIG. 7 allows the combinations of multiple 
validation logic types entries with Boolean operations and conditional operators to 
build a set of that validation logic as shown. The "Add" and "Remove" and "Or" and " 
"And" and "Not" buttons on the tool of FIG. 7 allows the editing of each entry as 
required. 
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Validation Logic With Wild Cards 

[00069] In FIG. 8, the Validation Logic has been enhanced to not only use a 4-part 
validation logic scheme type, of Class, Os, Connection but also the addition of 
wildcard character matches is included. Wildcards include both the positional 
wildcard "?" and the length independent wildcard "*". Shown in FIG. 8 is a user of a 
wildcard to match the fourth octet of a TCP/IP address 802. It is important to note 
that this example only illustrates one wildcard example and other matches, and 
combinations are possible including combinations of asterisks and question marks 
within the true scope and spirit of the present invention. 

[00070] FIG. 9 is an exemplary source code for carrying out the wildcard logic as 
shown in FIG. 8. This code would apply each component as described in step 412 
of FIG. 4 above. 

Event Driven 

[00071] As an overview, the following enhancements occur in the process flow at 
sets. In this embodiment one or more agents 1 - n in step 410 are configured and 
wait for an event. An event may be a system start-up, a logon, a period of user 
inactivity, a period of user inactivity in a given time window (e.g. Mondays after 5PM 
and before 8PM), a network connection, a process start/stop, an application 
start/stop, a virus detection, a hardware change, a message, a logoff, a shutdown or 
other triggering processes. 

[00072] It is important to note that each agent 410 waits for an event before 
configuring the client 108. In one embodiment, more than one agent and more than 
one event are executing independently and each agent is waiting for a single event. 
For example, one agent applies updates to the OS when there is inactivity and this 
update is "run as" an administrator on the client. As another example, an agent 
connects a shared printer when the network is available. In one embodiment, the 
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agent program has the given event to be tracked passed to it upon invocation and 
the program only returns when the given event has occurred. 

[00073] In another embodiment, the event monitors a list for unauthorized 
applications such as Instant Messaging or Password crackers or games that a user 
on a client system may attempt to install. The unauthorized applications or 
alternatively the authorized applications are determined by the template file 404. If 
the Event Monitor 410 determines that an unauthorized application is being installed 
and/or executed, the Event Monitor 410 notifies the Agent Program 408, which in 
turn takes one or more actions such as disabling a process running the unauthorized 
program, sending an e-mail notification to an administrator, and/or locking access to 
the client system. This embodiment assists administrators by maintaining security 
and integrity of the desktop system and moreover reduces loss of productivity of a 
worker using an unauthorized game application. 

Portable and Desktop Detection 

[00074] In an embodiment of the present invention, the configuring process 
involves the ability to distinguish a portable (i.e., laptop) client computer from a non- 
portable (i.e., desktop) client computer. This is beneficial as only certain 
configuration settings are allowed (as per validation logic rules) for portable 
computers, as opposed to desktops. FIG. 5, for example, shows an exemplary user 
interface with check boxes 1006 to manage instances of a laptop client computer 
connecting to the network. 

[00075] FIG. 1 0 is an exemplary flow of the detection of a portable computer, 
which may be accomplished in a variety of ways. This includes detecting whether a 
CPU of the client computer is a mobile type, a PCMCIA drive is present in the client 
computer, a PCMCIA card or PC Card is inserted in a socket of the client computer, 
a docking station is present in the client computer, a battery is present in the client 
computer, an uninterruptible power supply is present in the client computer, and a 
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power setting for a battery is present in an operating system of the client computer. 
Conversely, the detection of a non-portable computer may be accomplished by the 
absence of detecting any of the items described above. 

[00076] The aforementioned description of the portable computer detection 
process conforms to a client-server paradigm as the client computer executes 
applications that perform these functions. In an embodiment of the present 
invention, the aforementioned description of the portable computer detection 
process conforms to a server-centric paradigm wherein the server is responsible for 
portable computer detection on the client computer. In this embodiment, the server 
remotely detects the presence of a portable client computer. 

[00077] FIG. 1 1 is an example of source code used for implementing laptop 
detection in an embodiment of the present invention. 

[00078] A couple examples may help assist to understand why it is so important 
to determine whether a system is a portable or a desktop. Having a network share 
assigned to a portable machine not connected to a network will cause the 
application to put up an error.. For instance, it desirable to have applications such 
as Office suite products (word-processing, spreadsheet, database, presentation) to 
have a document path that is a network drive when connected to a network as a 
desktop but save to local drive if running as a portable. Likewise, configuration items 
such as Folder Redirection would often be set for desktop machines, but not for 
portable machines. 

[00079] Another example would be when you want computers connected to the 
corporate network to be configured to access the Internet through a proxy server. 
Again, portable computers, when disconnected from the corporate LAN, would 
present a problem since they would retain the configuration to use a proxy server 
though no proxy server would be present. Here the determination of a portable class 
machine could be used to disable the need to use a proxy server when the user logs 
out or the machine is shut down. 



570-P0001 



20 



EXPRESS MAIL LABEL NO. EV343426638US 

Conclusions 



[00080] Although a specific embodiment of the invention has been disclosed, it will 
be understood by those having skill in the art that changes can be made to this 
specific embodiment without departing from the spirit and scope of the invention. 
The scope of the invention is not to be restricted, therefore, to the specific 
embodiment, and it is intended that the appended claims cover any and all such 
applications, modifications, and embodiments within the scope of the present 
invention. 

[00081] What is claimed is: 
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